<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<div></div>

<h2 dir="auto">

<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>

<p dir="auto">gnutls-cli v3.6.7.1 fails when built using mingw (works with v3.5.19)</p>

<h2 dir="auto">

<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>

<p dir="auto">3.6.7.1</p>

<h2 dir="auto">

<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto">Built locally</p>

<h2 dir="auto">

<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>

<p dir="auto">Steps to Reproduce:</p>

<ul dir="auto">

<li>Build gnutls using spec file attached</li>

<li>Run gnutls-cli -d 3 <a href="http://www.google.co.uk" rel="nofollow noreferrer noopener" target="_blank">www.google.co.uk</a>

</li>

</ul>

<h2 dir="auto">

<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>

<p dir="auto">Processed 0 CA certificate(s).

Resolving 'www.google.co.uk:443'...

Connecting to '216.58.212.99:443'...

|<2>| Initializing needed PKCS <a href="https://gitlab.com/gnutls/gnutls/issues/11" data-original="#11" data-link="false" data-link-reference="false" data-project="179611" data-issue="240725" data-reference-type="issue" data-container="body" data-placement="bottom" title="Gnutls should use MSG_NOSIGNAL when writing to a socket" class="gfm gfm-issue has-tooltip">#11</a> modules

|<2>| p11: Initializing module: p11-kit-trust

|<2>| p11: No login requested.

|<3>| p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE

|<3>| p11 attrs: CKA_TRUSTED

|<3>| p11 attrs: CKA_CERTIFICATE_CATEGORY=CA

|<3>| ASSERT: ../../lib/pkcs11.c[find_multi_objs_cb]:3101

|<2>| added 6 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list

|<2>| Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)

|<2>| Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)

|<2>| Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)

|<2>| Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)

|<2>| Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)

|<2>| Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)

|<2>| Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)

|<2>| Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)

|<2>| Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)

|<2>| Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)

|<2>| Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)

|<2>| Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)

|<2>| Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)

|<2>| Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)

|<2>| Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)

|<2>| Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)

|<2>| Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)

|<2>| Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)

|<2>| Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)

|<2>| Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)

|<2>| Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)

|<2>| Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)

|<2>| Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)

|<2>| Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)

|<2>| Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)

|<2>| Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)

|<2>| Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)

|<2>| Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)

|<2>| Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)

|<2>| Advertizing version 3.4

|<2>| Advertizing version 3.3

|<2>| Advertizing version 3.2

|<2>| Advertizing version 3.1

|<2>| HSK[0000000000530320]: sent server name: 'www.google.co.uk'

|<3>| ASSERT: ../../lib/buffers.c[_gnutls_writev_emu]:464

|<2>| WRITE: -1 returned from 000000000022eae0, errno: 0

|<3>| ASSERT: ../../lib/buffers.c[errno_to_gerr]:230

|<3>| ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722

|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:2973

*** Fatal error: Error in the push function.

|<3>| ASSERT: ../../lib/buffers.c[_gnutls_writev_emu]:464

|<2>| WRITE: -1 returned from 000000000022eae0, errno: 0

|<3>| ASSERT: ../../lib/buffers.c[errno_to_gerr]:230

|<3>| ASSERT: ../../lib/buffers.c[_gnutls_io_write_flush]:722

|<3>| ASSERT: ../../lib/record.c[_gnutls_send_tlen_int]:574

Could not connect to 216.58.212.99:443: Bad file descriptor</p>

<h2 dir="auto">

<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>

<p dir="auto">Processed 0 CA certificate(s).

Resolving 'www.google.co.uk'...

Connecting to '216.58.206.67:443'...</p>

<ul dir="auto">

<li>

<p>Certificate type: X.509</p>

</li>

<li>

<p>Got a certificate list of 2 certificates.</p>

</li>

<li>

<p>Certificate[0] info:</p>

</li>

<li>

<p>subject <code>C=US,ST=California,L=Mountain View,O=Google LLC,CN=www.google.co.uk', issuer</code>C=US,O=Google Trust Services,CN=Google

Internet Authority G3', RSA key 2048 bits, signed using RSA-SHA256, activated

<code>2019-03-01 09:34:53 UTC', expires</code>2019-05-24 09:25:00 UTC', SHA-1 fingerprint

`9da50c1e55eac98d35f2fdd72cdb1f75d21c25cd'

Public Key ID:

e0128e3442a67b393f7f59a6648bd67cf087fd13

Public key's random art:

+--[ RSA 2048]----+

| o               |

|+                |

|o o . .          |

| + = o .         |

|. = o . S        |

| . o .  + o   E  |

|    o  * O o   . |

|     oo B + o .  |

|     ... . . ... |

+-----------------+</p>

</li>

<li>

<p>Certificate[1] info:</p>

</li>

<li>

<p>subject <code>C=US,O=Google Trust Services,CN=Google Internet Authority G3', issuer</code>OU=GlobalSign Root CA - R2,O=GlobalSign,CN=GlobalSign', RSA key 2048

bits, signed using RSA-SHA256, activated <code>2017-06-15 00:00:42 UTC', expires</code>2021-12-15 00:00:42 UTC', SHA-1 fingerprint

`eeacbd0cb452819577911e1e6203db262f84a318'</p>

</li>

<li>

<p>Status: The certificate is NOT trusted. The certificate issuer is unknown.

*** PKI verification of server certificate failed...

*** Fatal error: Error in the certificate.

*** Handshake has failed

GnuTLS error: Error in the certificate.</p>

</li>

</ul>

<h2 dir="auto">

<a id="user-content-analysis" class="anchor" href="#analysis" aria-hidden="true"></a>Analysis</h2>

<p dir="auto">See attached debug session and note in particular the value of hd passed to socket_open2() and the value of fd passed to _gnutls_writev_emu(). Clearly the correct value of fd should be hd->fd rather than hd itself, but I don't know enough about the internals of gnutls to hazard a guess as to where this should be occurring.</p>

<p dir="auto"><a href="https://gitlab.com/gnutls/gnutls/uploads/1d8457da791daeb7447f9635c0ed4c2c/mingw-gnutls.spec">mingw-gnutls.spec</a><a href="https://gitlab.com/gnutls/gnutls/uploads/88bd736c65168b279078badaff765afb/gnutls.typescript">gnutls.typescript</a><a href="https://gitlab.com/gnutls/gnutls/uploads/1b9d5f8b6ef0c250972c98a787fdd3b3/debug-session.txt">debug-session.txt</a></p>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/751">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/30e1af930f719a4f680773294faee48b/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/751"}}</script>

</p>

</div>

</body>

</html>